A default CouchDB install provides admin-level access to all connecting
users. This configuration is known as Admin Party, and is not recommended
for in-production usage. You can crash the party simply by creating the
first admin account. CouchDB server administrators and passwords are not
stored in the _users database, but in the last [admins] section
that CouchDB finds when loading its ini files. See :config:intro for
details on config file order and behaviour. This file (which could be
something like etc/local.ini or etc/local.d/10-admins.ini on a
Debian/Ubuntu system installed from packages) should be appropriately
secured and readable only by system administrators:

Administrators can be added directly to the [admins] section, and when
CouchDB is restarted, the passwords will be salted and encrypted. You may
also use the HTTP interface to create administrator accounts; this way,
you don’t need to restart CouchDB, and there’s no need to temporarily store
or transmit passwords in plaintext. The HTTP
/_node/{node-name}/_config/admins endpoint supports querying, deleting
or creating new admin accounts:

If you already have a salted, encrypted password string (for example, from
an old ini file, or from a different CouchDB server), then you can store
the “raw” encrypted string, without having CouchDB doubly encrypt it.

The number of iterations for password hashing by the PBKDF2 algorithm.
A higher number provides better hash durability, but comes at a cost
in performance for each request that requires authentication.